Date: Tue, 4 Dec 2001 13:52:15 -0600 From: Alfred Perlstein <bright@mu.org> To: David <habeeb@cfl.rr.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: su to root without passwd (you are hacked) Message-ID: <20011204135215.P92148@elvis.mu.org> In-Reply-To: <002f01c17cf3$3f75b3a0$ff7e2341@mercenary>; from habeeb@cfl.rr.com on Tue, Dec 04, 2001 at 01:41:12PM -0500 References: <003901c17cdb$8eec7df0$04e3a8c0@beco.hu> <002f01c17cf3$3f75b3a0$ff7e2341@mercenary>
next in thread | previous in thread | raw e-mail | index | archive | help
* David <habeeb@cfl.rr.com> [011204 13:41] wrote:
> No, su without a password for root is not an AI feature where freebsd
> remembers your password. The difference between your 2 boxes seems to be
> clear, 1 of them (the one which does not ask for a password) has some
> backdoors/trojans on it from a novice script kiddie who has compromised your
> box. Your 2nd box could as well be compromised.
Either that or somehow the root password has been nulled out by accident.
Or, the user doing the su'ing somehow has a uid of 0 already.
--
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
http://www.morons.org/rants/gpl-harmful.php3
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011204135215.P92148>